This whitepaper will introduce Solution Design Replatform to Amazon Web Services (AWS), the cloud computing service of Amazon.

Cloud Solution Design - Amazon Web Services (AWS)

DISCOVERY 

Why moving to the cloud 

- Financial Reasons 

o Reduce expenses 

o Increase operations 

o Enhance outcomes 

- Improve overall ROI

- Meet competitive challenges  

PRESENTING A SOLUTION

Current Architecture  

2-tier solution:

- web

- Database 

Access 

- Web tier: customers on web ports 

- Database tier: web tier on database ports 

Nightly database backups to tape 

Proposed Solutions 

Amazon Web Services (AWS) 

Replatform

To Be Cloud Architect 

- Web tier (Web Proxy) - Web (web traffic) Internet 

- App tier (App Server) - App (app traffic) Web 

- DB tier (Amazon RDS) - Databases (db traffic) App

- Bastion hosts (management traffic) – Small instance type 

- AWS Identity and Access Management (IAM) – least privilege  

- Security 

o Only the web hosts in public subnet 

o Security groups 

 Web - only allow internet traffic on 80/443

 App hosts - only allow web proxy on app port 

 Amazon Relational Database Service (Amazon RDS) - only allow app host on 3306

 The management of Bastion Host with Amazon EC2 Systems

o NACL (Network Access Control Lists) - as an additional layer 

o Amazon Simple Storage Service (Amazon S3) buckets have security features enabled 

o AWS Identity and Access Management (IAM) policies configured along the principles of least privilege 

o Monitoring and logging 

DELIVERING A PROOF OF CONCEPT (POC)

Evaluating the solution in the customer’s environment 

Let’s start AWS Free Tier - https://aws.amazon.com/free/ 

IMPLEMENTING SOLUTION

Production Solution Implementation 

KEY TAKEAWAYS

The Six R’s 

• Rehost 

Tools: AWS VM Import/Export 

• Replatform 

- Migrating databases to Amazon RDS 

- Migrating applications to Amazon Elastic Beanstalk 

• Refactor 

Using cloud native features 

• Retire

Shutting off non-useful applications 

Reducing spend, management, and security 

• Retain/Revisit 

Keeping certain applications on-premises 

• Repurchase 

Moving workflows to software as a service (SaaS) 

Cloud Architecture Best Practices  

- Design for failure and nothing fails

o Avoid single points of failure 

o Multiple instances 

o Multiple Availability Zones 

o Separate single server into multiple tired application 

o For Amazon RDS, use Multi-AZ feature  

- Build security in every layer

o Encrypt Data at rest and in transit 

o Enforce principle of least privilege in IAM 

o Implement both Security Groups and Network Access Control Lists (NACL) 

o Consider advanced security features and services 

- Leverage different storage options

o Move static web assets to Amazon S3

o Use Amazon CloudFront to serve globally 

o Store session state in DynamoDB

o Use ElastiCache between hosts and databases  

- Implement elasticity

o Implement Auto Scaling policies 

o Architect resiliency to reboot and relaunch 

o Leverage managed services like Amazon S3 and Amazon DynamoDB 

- Think parallel

o Scale horizontally, not vertically 

o Decouple compute from session/state 

o Use Elastic Load Balancing 

o Right-size your infrastructure  

- Loose coupling sets you free

o Instead of a single, ordered workflow, use multiple queues 

o Use Amazon Simple Queue Service (SQS) and Simple Notification Service (SNS) 

o Leverage existing services 

- Don’t fear constraints

o Rethink traditional constraints 

o Need more RAM? 

o Better IOPS for databases? 

o Response to failure  

Solution Design Replatform to Amazon Web Services (AWS)

Source: AWS